ACIT4055 Security Politics, Cyberwar, and Ethics Emneplan

In this course, you will explore the political, legal, ethical and strategic dimensions of cybersecurity and cyber conflict. As societies have become deeply dependent on digital infrastructure, cyberspace has emerged as a domain where states, private companies and non-state actors interact, compete and increasingly challenge each other. This dependence creates vulnerabilities that allow actors with limited resources to cause significant harm, making cybersecurity central to national security, international stability and global governance.

Cyber operations now shape international relations through espionage, political influence, disruption of critical infrastructure and support to military operations. Non-state actors, including criminal groups, hacktivists, terrorist organisations and private cybersecurity firms play an increasingly prominent role, blurring the lines between crime, warfare and political action.

At the same time, information warfare, mis- and disinformation, targeted hacking and the weaponisation of data have become tools of modern conflict, raising difficult legal and ethical questions. How does international law apply to cyber operations? When does a cyberattack cross the threshold into the use of force or armed conflict? How should societies balance national security with privacy, individual rights and democratic accountability?

Throughout the course, you will examine these issues through perspectives from international law, international relations, ethics and security studies, gaining the knowledge and skills needed to analyse emerging cyber threats and the governance models that seek to address them.

Language of Instruction: English

Students should be comfortable using literature reference managers such as Zotero, EndNote, RefWorks, Mendeley for literature search and proper citation. OsloMet’s library offers helpful courses in both literature searching and reference management and students are strongly encouraged to make use of these resources to strengthen their academic writing.

It is also beneficial for students to bring a genuine interest and curiosity for topics such as international politics, cybersecurity and global governance. A passion for understanding how technology intersects with law, ethics and international affairs will make it easier to engage with the course’s interdisciplinary content. Familiarity with reading policy documents, strategy papers and academic literature is helpful, but not required. Students with motivation to explore complex societal challenges, ranging from cyber operations to information warfare will be well equipped to succeed in this course.

No formal requirements over and above the admission requirements.

A student who has completed this course should have the following learning outcomes defined in terms of knowledge, skills and general competence:

Knowledge

On successful completion of this course the student has:

• advanced knowledge of how international law applies to cyber operations conducted by state and non-state actors in peacetime and during armed conflict, including the principles of sovereignty, non-intervention, state responsibility and the prohibition on the use of force
• an understanding of the main sources of international law (treaties, customary international law, general principles, case law and doctrine) and how they are interpreted, contested and sometimes strained in cyberspace governance
• an understanding of how different models of cyberspace governance and "cyber sovereignty" (for example US, NATO, EU, China, Russia) shape global power relations, norm development and multistakeholder versus state-centric approaches
• comprehensive knowledge of the role of non-state actors in cyberspace, including hackers, criminal organisations, hacktivists, cyber mercenaries, terrorist groups and private cybersecurity firms, and how they interact with and challenge state authority
• an understanding of how cybersecurity has become a central topic in security politics and national security policy, including the evolving roles of the state as protector, regulator, partner, market actor and potential originator of cyber threats
• advanced knowledge of key debates on "cyberwar", including how cyber operations relate to concepts such as use of force, armed attack, jus ad bellum, jus in bello, just war theory and emerging ideas such as jus ad vim
• an understanding of information warfare and cyber weapons, including mis- and disinformation, propaganda, psychological operations and their impact on elections, public opinion, societal trust and international stability
• knowledge of how global risk assessments (for example World Economic Forum Global Risks Reports) frame cyber-related risks in relation to broader geopolitical, technological, societal and environmental developments
• comprehensive knowledge of central approaches to cybersecurity ethics, including ethical theories, value conflicts (such as privacy versus security, individual versus state security, connectivity versus inequality) and debates on ethical versus unethical hacking, hackback and the ethics of offensive cyber operations
• an understanding of the ethical and political implications of the growing role of the private sector and cybersecurity markets, including issues of inequality, democratic accountability, regulation and the distribution of cybersecurity protection.

Skills:

On successful completion of this course the student can:

• critically analyse how international law and international humanitarian law (IHL/LOAC) apply to concrete cyber incidents, including questions of attribution, sovereignty, non-intervention, armed conflict thresholds and state responsibility
• evaluate whether specific cyber operations may amount to a use of force or an armed attack, and discuss legally available response options (such as retorsions, countermeasures, self-defence and peaceful dispute settlement)
• assess how different governance models, national cybersecurity strategies and geopolitical interests shape state behaviour, norm development and international negotiations on cyber norms and cybercrime conventions
• identify and analyse the role of non-state actors in cyber conflict and information warfare, including their motivations, capabilities, relationships with states and implications for international law and security policy
• apply ethical theories, just war theory and cybersecurity ethics frameworks to real and hypothetical cases, and discuss moral dilemmas related to surveillance, cyber espionage, offensive operations, hack-back and whistleblowing
• critically evaluate information operations, mis/disinformation and propaganda campaigns, and explain how these influence democratic processes, societal cohesion and perceptions of legitimacy and truth
• analyse the ethical and political implications of private-sector roles in cybersecurity, including active cyber defence, outsourcing of security functions, market-driven inequalities and questions of democratic control
• interpret and synthesise complex policy documents, international reports and academic literature related to cyberwar, cyber governance, information warfare and cybersecurity ethics
• develop and present well-reasoned arguments, orally and in writing, about legal, political and ethical challenges in the digital domain to both specialist and non-specialist audiences.

General competence

On successful completion of this course the student can:

• critically engage with complex legal, political and ethical issues that national security decision-makers, policymakers, private actors and cybersecurity professionals face in the digital age
• recognise and reflect on their own ethical responsibilities as (future) professionals in cybersecurity and related fields, including in relation to privacy, surveillance, offensive and defensive operations and the protection of democratic institutions and critical infrastructure
• understand and explain the importance of safeguarding critical infrastructure and information systems as a precondition for societal resilience, public trust, human rights protection and international stability
• demonstrate intellectual flexibility by integrating perspectives from law, politics, ethics and technology to understand and respond to emerging cyber threats, technological developments and governance challenges
• contribute to informed, responsible public and professional debates on cybersecurity, cyber conflict, information warfare and ethical hacking, grounded in a solid understanding of international law, security politics and ethical principles.

• Lectures
• Guest lectures
• Assigned readings
• Case studies, including internet-based fieldwork and policy analysis
• Writing assignments
• Group discussions and presentations
• Collaborative group work and peer feedback on classmates’ contributions
• Scenario-based challenges and competitions

The following required coursework must be completed and approved before the student is eligible to take the exam:

1. Individual: An individual written policy, strategy document, or essay (1 500 - 2 000 words, +/- 10%). The assignment must demonstrate the student’s ability to engage critically with central course themes and apply relevant legal, political and ethical perspectives.
2. Active Participation: students must participate actively in three interactive learning activities, conducted in groups of 3-5 students. These may include structured debates, role-play exercises, crisis simulations, stakeholder negotiations or similar formats. Presence and substantive contribution are required.
3. Group Presentation: Students, working in groups of 3-5, must deliver a 10-minute oral presentation on an assigned topic related to the course content. All groups are required to attend each other’s presentations. Both presence and meaningful contribution to the group work are required.

The final examination consists of a two-day, scenario-based exam, conducted in two phases. The exam is completed in groups of 3-5 students and counts for 100% of the final grade.

Phase/Part 1 counts 40% of the total grade

• Written Policy Brief, max 500 words

Phase/Part 2 counts 60% of the total grade

• 2 single-sided pages or 1 double-sided page decision document- 20%
• Oral Policy Brief (10-mins presentation + 10-mins Q&A) - 40%

Detailed information about the exam process will be provided during the course.

The examination assesses students’ ability to analyse complex cyber-related crisis scenarios, apply course knowledge and methods and develop coherent and justified policy responses under evolving conditions.

The group oral presentation examination cannot be appealed.

New/postponed exam:

In case of failed exam or legal absence, the student may apply for a new or postponed exam. New or postponed exams are offered within a reasonable time span following the regular exam. The student is responsible for registering for a new/postponed exam within the time limits set by OsloMet. The Regulations for new or postponed examinations are available in Regulations relating to studies and examinations at OsloMet.

All aids are permitted, provided the rules for plagiarism and source referencing are complied with.

Grade scale A-F.

Two internal examiners.

Professor Lothar Fritsch and Assistant Professor Nuno Marques